Help with VPN config (attached)

Unanswered Question
Feb 3rd, 2009

Hi,

I have this working config from a Cisco 877 DSL router (remote office) which is in VPN mode connected to a Cisco ASA (HQ with servers).

Now users can conenct to all the servers at the HQ, but their internet access also goes of the VPN, how can I split the traffic so all requests to our HQ servers goes over the VPN and all Internet requests go on through the local DSL of the router?

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Tue, 02/03/2009 - 16:57

If the config that you pasted here is from one of those 877 remote offices then to "split" the internet traffic from the corporate traffic, you need to change your match address 110 from:

access-list 101 permit ip 172.19.19.0 0.0.0.255 any

To

access-list 101 permit ip 172.19.19.0 0.0.0.255

Having the match address 101 with the destination as any, will make internet traffic to be part of that ANY keyword.

Actions

This Discussion